November 6, 2024 at 08:06AM The SANS 2024 report reveals a rise in attacks on industrial control systems, with 74.4% of incidents being non-ransomware related. Key attack vectors include remote services and supply chain compromises. While ransomware incidents are relatively low (12%), their impact on ICS/OT environments remains severe, affecting reliability and safety. **Meeting Takeaways: … Read more
November 6, 2024 at 07:27AM Microchip Technology’s recent financial report highlights a $21.4 million expense linked to a ransomware attack. The company’s financial performance has been impacted by this cybersecurity incident, which is detailed in the report. **Meeting Takeaways:** 1. **Financial Impact**: Microchip Technology has reported expenses of $21.4 million related to a recent ransomware … Read more
November 5, 2024 at 03:58PM Hackers known as “Hellcat” claim to have stolen over 40GB of sensitive data from Schneider Electric, demanding a $125,000 ransom. They breached the company’s Jira system and threatened to release the data if their demands are unmet. Schneider Electric is investigating, acknowledging unauthorized access but not confirming the theft. ### … Read more
November 5, 2024 at 06:07AM Zero Trust security enhances organizational security by eliminating implicit trust and continuously validating user access. It addresses limitations of traditional models by mitigating insider threats and improving compliance. Wazuh aids this approach through real-time monitoring, incident response, and visibility, thereby protecting against evolving cyber threats and data breaches. ### Meeting … Read more
November 4, 2024 at 02:24PM Schneider Electric confirmed a breach of its developer platform, with a threat actor claiming to have stolen 40GB of data from its JIRA server, including 75,000 unique email addresses. The company’s Global Incident Response team is investigating, and its products remain unaffected. The hacker demands $125,000 in “Baguettes” not to … Read more
November 3, 2024 at 04:16PM Interlock is a new ransomware operation targeting FreeBSD servers, launched in September 2024. It has attacked six organizations, with data leaks occurring after ransom demands were ignored. The Windows encryptor operates effectively, while challenges persist with the FreeBSD version. Ransom demands range from hundreds of thousands to millions. **Meeting Takeaways: … Read more
November 2, 2024 at 05:38AM The UK’s Financial Conduct Authority (FCA) urges financial institutions to enhance resilience against IT failures, highlighted by CrowdStrike’s significant outage affecting major banks and services. Compliance with FCA’s PS21/3 rules is necessary by March 2025. Delta Air Lines is suing CrowdStrike for losses related to the incident, alleging negligence. **Meeting … Read more
October 31, 2024 at 10:01AM The July CrowdStrike outage highlighted risks in vendor security, prompting discussions on industry responses to such events. Companies should assess vendor reliability, avoid hasty changes, and maintain a balanced approach to updates. Leaders must act cautiously, avoiding panic-driven decisions while improving cybersecurity resilience and business continuity strategies. ### Meeting Takeaways … Read more
October 31, 2024 at 08:05AM LottieFiles faced a security breach after a developer account was compromised, leading to malicious code being pushed to users, potentially draining their crypto wallets. The company released a safe version (2.0.8) and assured users that their other services were unaffected. Outside security experts were involved in resolving the incident. **Meeting … Read more
October 31, 2024 at 07:24AM Mystic Valley Elder Services reported a security breach in April, potentially compromising personal information of 87,000 individuals. The organization is addressing the incident and investigating the extent of the data theft. **Meeting Notes Takeaways:** 1. **Incident Overview**: Mystic Valley Elder Services identified a security breach in April. 2. **Data Compromised**: … Read more